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If you have purchased a computer and set it up in your home, you are that 
computer’s administrator. Computers on a network in an institution, such 

as at a university, are called clients. The clients are managed by one or more 
system or network administrators, who have the task of ensuring that the 
network and its services are reliable, fast, and secure. Although most 

network administration takes place on the server end, clients must also be 
administered. Windows XP includes administrative tools that make it easy to 
ensure that client computers are operating as they should. @fqm= John Casey, 
owner of Wired Coffee Company, is considering setting up a few computers 
for patrons to use while relaxing at Wired Coffee. He wants to understand 


more about how those computers would need to be administrated and 
secured. He asks his system administrator, Margaret Kolbe, to assist him in 
understanding Windows XP administrative tools. 


P) Exploring Windows 


windows XP | Administrative Tools 


Windows XP offers a set of administrative tools that help you administer your computer and ensure 
it operates smoothly. The Administrative Tools window, opened from the Control Panel, provides 
tools that allow you to configure administrative settings for local and remote computers as shown 
in Table P-1. If you are working on a shared or network computer, you might need to be logged on 
as a computer administrator or as a member of the Administrators group in order to view or mod- 
ify some properties or perform some tasks with the administrative tools. You can open User 
Accounts in the Control Panel to check which account is currently in use or check with your system 
administrator to determine whether you have the necessary access privileges. fip» Margaret 
explains that many Windows XP users won't ever have to open the Administrative Tools window, 
but that computers open to the public or on a network will probably require more maintenance. 
She suggests, therefore, that John open this window to see the tools available to him. 


If you are working on a shared or network computer, you might not be able to work 


through all the steps in this unit; however, you can read the lessons without com- 
pleting the steps to learn what is possible as a system administrator. 


1. Click the Start button on the taskbar 
Make a note of the name that appears at the top of the Start menu, which identifies the 
account currently logged onto your computer. 


2. Click Control Panel, then click Switch to Classic View if necessary 
The Control Panel window opens, displaying the available administrative tools. 


3. Double-click the User Accounts icon 88 


If you are not logged on as a The User Accounts window opens, displaying a list of user accounts at the bottom of the win- 
computer administrator, dow. If the name at the top of the Start menu matches the name associated with the computer 
check with your instructor or administrator account, you have the access privileges to use all the administrative tools. 


network administrator to : : : 
determine whether you need 4. Click the Close button in the User Accounts window 


to log off and log on as a The Control Panel window appears. 
Computer administrator. 


5. Double-click the Administrative Tools icon “w 
Figure P-1 shows the tools available on John’s computer. Your Administrative Tools window 
might show other tools or fewer tools if your network administrator has installed additional 
administrative tools or removed tools. 


Available only in 
the Professional 
edition 


Your list of 
administrative 
tools might differ 


FIGURE P-1: Viewing the Administrative Tools window 
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A network’s security is measured by the degree to which 
data and resources on the computer are protected from 
system failure or unauthorized intrusion. One way a 
network administrator ensures security is by assigning 
rights to individual users or groups of users. For 
instance, a user on a client computer running Windows 
XP that has physical access to a network cannot access 
network files or resources until the administrator has 
granted rights to that computer and user. The ability to 
access administrative tools is assigned only to certain 
user groups, such as the Administrators group, to pro- 
tect the unauthorized or accidental modification of 
important information. If you are a user, or member, in 
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Provides a access 8 to ecininisireie tools fo onaco locall ong remote ‘computers 
Enables programs to access, trace, and meiege datai in database management systems 
Displays monitoring and troubleshooting messages fom te system am other programs: 


Modifies local scent nate such as user rights ai a policies; aeeie only in fre 
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Displays, starts, and stops services provided to users by your computer 


a group that does not have the right to use administra- 
tive tools, you might not be able to perform all the steps 
in this unit or even see some of the tools in Figure P-1. 
To check membership in a group (available in Windows 
XP Professional only), double-click the Computer 
Management icon ©} in the Administrative Tools win- 
dow, click the Expand indicator next to Local Users and 
Groups in the left pane, click the Groups folder, then 
double-click a group icon in the right pane to display a 
list of members in the Properties dialog box. To add 
members, click Add in the Properties dialog box, in the 
Select Users dialog box type the new member name or 
select one as indicated, then click OK twice. 


Once you have selected a 
log from the left pane, click 
View on the menu bar to 
open a menu of viewing 
options, including the option 
of choosing which columns 
to display or the order in 
which they appear. 


If your Security log is blank, 
then you are not on a net- 
work, you don’t have the 


there have been no security 
breaches. Skip Step 6. 


1. 


Ta 2. 


5. 
6. 


rights to view this log, or 7. 


8. 


P) Monitoring Activity 
windows xP | with Event Viewer 


Every time you start Windows, an event-logging service notes any unusual event that occurs, 
such as a failed logon, the installation of a new driver for a hardware device, the failure of a 
device or service to start, or a network interruption. For some critical events, such as when your 
disk is full, a warning message appears on your screen. Most events, however, don’t require 
immediate attention, so Windows logs them in an event log file that you can view using the 
Event Viewer tool. Event Viewer maintains three logs: System, for events logged by Windows 
operating system components; Security, for security and audit events (such as who logged on); 
and Application, for program events. When you are troubleshooting problems on your com- 
puter, you can use the Event Viewer logs to monitor what activity took place. fæ» Margaret 
asks John to open Event Viewer to see what types of activities have been logged on the computer. 


In the Administrative Tools window, double-click the Event Viewer icon 

The Event Viewer window opens. The left pane of the window displays the three types of logs 
maintained by your computer. From the Action menu, you can run commands to save a log 
to a file or open additional log files, for example, from other computers on the network. 


In the left pane, click System if necessary 

The log for System events appears in the right pane of the Event Viewer window. Figure P-2 
shows the System window for John’s computer. Your log will show different events. You can 
click any column header to resort the list; by default, items are sorted by date, with the 
most recent events listed first. The first column, Type, identifies the nature or severity of 
the event: Ñ indicates a normal event; &A warns that the event might indicate a prob- 
lem; and & indicates a more serious error that resulted in the loss of a function or data. 
See Table P-2 for a description of each column. 


. Double-click an event in the right pane 


The Event Properties window for the event you double-clicked opens, showing details of the 
event. Figure P-3 shows the Event Properties window for a system time error. Additionally, a 
description appears, and in some cases, a data section at the bottom of the window. Some 
events generate binary data that experienced computer technicians can evaluate to better 
interpret the event. 


. Click either the up arrow button or the down arrow button 


Another event description appears in the window. 
Click OK to close the Event Properties window 
Click Security in the left pane 


If your computer has experienced any security events, such as a user trying to log on using 
an incorrect password, those events will be listed in the right pane. 


Click Application in the left pane 

The right pane lists all of the events associated with the operation of the various applications 
on your system. This could include the installation of new programs or errors that have 
caused your programs to fail. 


Click System in the left pane to return to the System log 


FIGURE P-2: System Event log 
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FIGURE P-3: Viewing event details 
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TABLE P-2: Event Viewer columns 


column | description 


Computer Name of the computer where the event occurred 
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To clear all the events in a 
log, right-click the appro- 
priate log in the left pane 
(Application, Security, or 
System), then click Clear 
all Events. 


You can open the log you 

archived by using the Open 

Log File command on the 

Action menu in the Event 8 
Viewer window. 


L 


ri 2. 


P) Managing an 
windows XP | Fwent Log 


Event logs grow in size as you work on your computer, but Event Viewer provides tools that help 
you view just the information you need and store the information you want to save for later. For 
example, you can apply a filter that allows you to view only events matching specified criteria, 
such as all events associated with a certain user. You can also search for a specific event using 
similar criteria. You probably don’t want your active log to include events that happened long 
ago. With Event Viewer, you can archive, or save, your log periodically and then clear the 
archived events. Most administrators archive event logs on a regular schedule. @jqgmm= Margaret 
wants John to explore filtering and locating events. John also wants to archive his System log and 
then clear the events to prevent the list from becoming too long. In this lesson, you will practice 
the first few steps of clearing a log, but you will not actually complete the procedure so as not to 
affect your system. 


In the Event Viewer window, click View on the menu bar, then click Filter 

The System Properties dialog box opens with the Filter tab active, as shown in Figure P-4. 
You can deselect the Event types check boxes to view only events of a certain type or from a 
specified time period, or you can view events from a specified source, category, user, com- 
puter, or ID number. 


In the Event types section, deselect each check box except Error, then click OK 
The System Properties dialog box closes, and only error events appear in the System log. 
Depending on your computer system, you might not have any error events. 


3. Click View on the menu bar, click Filter, click Restore Defaults in the System 


Properties dialog box, then click OK 


All events appear in the System log. 


. Click View on the menu bar, then click Find 


The Find in local System dialog box, shown in Figure P-5, allows you to search through all 
types of events or only certain types. You can specify a source, category, ID, computer, user, 
or description when searching for a particular event. Once you've specified what you are 
looking for, you click the Find Next button. 


. Click Close 


The Find in local System dialog box closes. 


. Right-click System in the left pane, then click Save Log File As 


a 7. 


The Save “System” As dialog box opens. 


Click the Save in list arrow, navigate to the drive and folder where your Project Files 


are located, type System in the File name text box, then click Save 
You have saved the system event log in a file with an .evt extension. 


. Click the Close button in the Event Viewer window 


The Event Viewer window closes, and you return to the Administrative Tools window. 


FIGURE P-4: Filtering an event log 
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If the default counters don’t 
track the data you want, you 
can delete them and add the 
ones you want at any time. 


3. 
4. 


To see what a counter mea- 
sures, click the counter in 
the Counter list, then click 
Explain. 


D 5. 


To show accurate processor 
use in a performance chart, 
disable screen savers in the 
Control Panel, as they take up 6. 
processor resources and give 
your chart a distorted view of 
processor performance. 


Ta 3. 


To highlight a line, click the 
counter object at the bottom 

of the chart, then click the 
Highlight button $ onthe 9, 
System Monitor toolbar. 


P) Creating a 
Windows XP Performance Chart 


On a daily basis, your system generates a variety of performance data, such as your computer’s 
memory or processor use, or the amount of congestion on a device. As the system adminis- 
trator, you can use the Performance tool to create charts from the data that enable you to 
observe how a computer’s processes behave over time. The types of performance data you 
monitor and record are called performance objects. Each performance object has a set of 
counters associated with it that provide numeric information. The Performance tool charts 
the numeric data gathered from the counters and provides graphical tools to make it easier to 
analyze and track the performance of your computer. Øf» Margaret helps John create a 
performance chart documenting the activities of the computer’s processor. 


window if necessary 

The Performance window opens, as shown in Figure P-6, and begins charting the default 
counters listed at the bottom of the window. The right pane displays a chart of the object’s 
performance. From the left pane you can create log files that record the performance values 
in text format. 


. Delete each counter by clicking the Delete button ><. on the System Monitor toolbar, 


then click the Add button -+ on the System Monitor toolbar 

Your chart will be difficult to read if you do not limit the number of counters shown on the 
chart. The Add Counters dialog box opens, displaying a list of performance objects and their 
counters that you can select to chart as shown in Figure P-7. You want to chart one of the 
counters associated with the computer’s processor. 


Click the Performance object list arrow, then click Processor if necessary 


Click %Privileged Time in the Select counters from list, then click Add 

The %Privileged Time counter monitors the percentage of the time the processor spends 
working with hardware, system memory, and other privileged system components, which 
are Windows operating system processes or tasks in progress. The Performance tool imme- 
diately begins charting this counter, though you may not be able to see the chart if the Add 
Counters dialog box obscures it on your screen. 


Click %Processor Time in the Select counters from list, then click Add 
This counter measures the percentage of time that the processor is busy executing commands, 
known as a non-idle thread; it is a primary indicator of processor activity. 


Click %User Time, then click Add 


The %User Time counter measures time spent on requests from user applications. 


7. Click Close in the Add Counters dialog box 


A red bar moves across the screen, and the chart shows the performance of the three counters 
as colored lines on the chart. 


Double-click the time in the notification area of the task bar, click Cancel in the Date 
and Time Properties dialog box, then click the Start button on the taskbar twice 


Watch how the measure of processor time jumps up when activity occurs. 


Click the Freeze Display button € on the System Monitor toolbar 


The performance counters stop tracking events. 


FIGURE P-6: Charting system performance 
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P) Setting Up an Alert 


7 In addition to creating performance charts, you can use the Performance window to create user 
Windows XP alerts. An alert is a warning that is automatically generated when a counter value exceeds or falls 
short of a threshold value you have specified. When an alert condition is met, the date and time of 
the event are recorded in the Application log, which you can view from the Event Viewer. For exam- 
ple, you can set the %User Time alert to monitor the percentage of elapsed time the computer 
spends running programs. Some programs require more processing time than others, which can 
slow down your computer. The %User Time alert can let you know if your programs are using too 
many resources and slowing down your computer. Your system can record up to 1,000 alert events, 
after which the oldest events are discarded as new events occur. @fiæ»» Margaret guides John 
through setting up an alert to monitor the use of the computer’s processor. The alert will occur 
whenever the percentage of the time the processor is in use exceeds a certain threshold, such as 75%. 


1. In the Performance window, click the Performance Logs and Alerts icon &l in the 
left pane, then double-click Alerts in the list that opens in the right pane 
2. Click Action on the menu bar, then click New Alert Settings 


The New Alert Settings dialog box opens. Each alert requires a specific name, so you first 
have to give it a name to identify it to the performance monitor. 


3. In the Name box, type Alert Test, then click OK 


The Alert Test dialog box opens. From this dialog box, you specify which counters you want 
to track, and under what conditions the alert will be triggered. 


4. Click Add 


To monitor additional coun- The Add Counters dialog box opens. 
ters, repeat Steps 4-7 for , ` z ; 
pe sonra 5. If necessary, click the Performance object list arrow, then click Processor 


6. Click %Processor Time in the Select counters from list, click Add, then click Close 
The Add Counters dialog box closes, and the Alert Test dialog box appears. 


7. Click the Alert when the value is list arrow, click Over if necessary, then type 75 in 


the Limit text box 
An alert will be added to the alert log when processor time exceeds 75%, as shown in Figure P-8 


8. Click OK 


To stop an alert, select the The Alert Test you just created appears in the right pane of the Performance window. The 
alert in the right pane, then icon appears green $ when it is running and red § when it is not. 

click the Stop the selected : ; , i ; f 

alert button il on the 9. Right-click the Alert Test icon, click Delete, click OK if the Performance Logs and 


toolbar. Alerts message box opens, then click the Close button in the Performance window 
You return to the Administrative Tools window. 


FIGURE P-8: Creating a performance alert 
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You can adjust Windows XP to improve its perfor- 
mance by changing the way Windows XP manages 
system processing and memory. You can set 
Windows XP to give a greater proportion of proces- 
sor time to the program in which you are currently 
working, known as a foreground process. The 
greater the processor time, the faster response time 
you receive from the program in which you are cur- 
rently working. If you have background processes, 
such as printing, that you want to run while you 
work, you might want to have Windows XP share 
processor time equally between background and 
foreground programs. To optimize performance for 
foreground and background processes, double-click 
the System icon $3 in the Control Panel, click the 
Advanced tab in the System Properties dialog box, 


Managing your computer’s performance 


click Settings in the Performance section, click the 
Advanced tab, then click the Programs option but- 
ton if necessary to optimize for foreground pro- 
cesses, or click the Background services option 
button to optimize for background processes. When 
your computer is running low on RAM and more is 
needed immediately to complete your current task, 
Windows XP uses hard disk drive space to simulate 
system RAM. This is known as virtual memory. For 
processes that require a lot of RAM, you can opti- 
mize virtual memory use by allocating more avail- 
able space on your hard disk drive. In the Virtual 
memory section, click Change, then enter the initial 
size and maximum size you want to allocate for vir- 
tual memory use. 


© 


_Windows XP 


Notice that the System Tools 
node lists the Performance 
Logs and Alerts tools a little 
further down, where you can 
make changes to current 
logs and alerts. 


Viewing Computer 
Management Tools 


Computer Management consolidates administrative tools, including those you've already used, 
such as Event Viewer and Performance, into a single window that you can use to manage a local 
or remote computer. When you open Computer Management, the Computer Management 
window uses a two-pane view that is similar to Windows Explorer. The hierarchy of tools in the 
left pane of the Computer Management window is called a console tree, and each main cate- 
gory of tools is called a node. The three nodes in the Computer Management window (System 
Tools, Storage, and Services and Applications), allow you to manage and monitor system events 
and performance and to perform disk-related tasks. Each node contains snap-in tools, which 
come in two types: standalone or extension. Standalone snap-ins are independent tools, while 
extension snap-ins are add-ons to current snap-ins. To perform an administrative task, you 
might need to navigate the hierarchy before you select a tool in the console tree. The selected 
tool appears in the right pane, and you can use the toolbars and menus that appear to take 
appropriate action with the tool. fæ» Margaret asks John to practice using Computer 
Manager by viewing the Application log to see how his alert was monitored. 


1. In the Administrative Tools window, double-click the Computer Management icon £ 
The Computer Management window opens, displaying two panes, as shown in Figure P-9. 
The left pane lists the hierarchy of tools; you navigate the tools using Expand indicators 
and Collapse indicators El to display and hide objects in the tool hierarchy. 


2. Click System Tools in the console tree (the left pane) 
The snap-in tools associated with System Tools appear in the right pane. The detailed list dis- 
plays the snap-in tool type and a description. 


3. Click the Expand indicator +) next to System Tools to view the tools in the System 
Tools node if necessary 


4. Click {+} in the console tree next to Event Viewer to view the event logs if necessary 
5. Click Application under the Event Viewer 


Application events appear in the right pane. 


6. Double-click the first Information event in the Application log list. 
If you have been working through the lessons without pausing, the Application log should show 
two Information events related to the Alert Test event, as well as many others. Figure P-10 shows 
the first event; it notes that the conditions of the Alert Test have been met. 


7. Click Cancel to close the Event Properties dialog box 


You return to the Computer Management window. 


8. Click the Collapse indicator [=] in the console tree next to Event Viewer 


Windows 
administrative 
tools organized 
into one list 


Your event will 


differ 


Description of the 
event indicates that 
the alert conditions 
have been met 


FIGURE P-9: Computer Management window 
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Understanding Disk 
windows x? | File Systems 


A disk must be formatted with a file system that allows it to work with the operating system to store, 
manage, and access data. Two of the most common file systems are FAT (or FAT32, which is an 
improvement on FAT technology) and NTFS. Disks on DOS, Windows 3.1, or Windows 98 com- 
puters use the FAT file system, while disks on computers running Windows NT 4.0 and later (includ- 
ing Windows XP) can use either the NTFS or FAT system. NTFS is a newer file system that improves 
on some of the shortcomings of FAT disks that make them less desirable on a network. Table P-3 
describes the improvements of the NTFS file system over the FAT file system. Which file system your 
disks are most likely to use and why depends on the type of disk, whether your computer is on a net- 
work, and your computer's role as a resource on the network. @jqgum= Margaret explains the features 
of file systems to John. 


There are important differences between FAT and NTFS file systems: 


> FAT 


When you format a disk with the FAT file system, a formatting program divides the disk into stor- 
age compartments. First it creates a series of rings, called tracks, around the circumference of the 
disk. Then it divides the tracks into equal parts, like pieces of a pie, to form sectors, as shown in 
Figure P-11. The number of sectors and tracks depends on the size of the disk. 


Although the physical surface of a disk is made of tracks and sectors, a file is stored in clusters. A clus- 
ter, also called an allocation unit, is one or more sectors of storage space. It represents the mini- 
mum amount of space that an operating system reserves when saving the contents of a file to a disk. 
Thus, a file might be stored in more than one cluster. Each cluster is identified by a unique number. 
The first two clusters, shown in yellow in Figure P-11, are reserved by the operating system. The oper- 
ating system maintains a file allocation table (or FAT) on each disk that lists the clusters on the disk 
and records the status of each cluster: whether it is occupied (and by which file), available, or defec- 
tive. Each cluster in a file “remembers” its order in the chain of clusters—and each cluster points to 
the next one until the last cluster, which marks the end of the file. 


> NTFS 
NTFS features a built-in security system that does not allow users to access the disk unless they 
have a user account and password with the necessary rights and permissions. NTFS protects disks 
from damage by automatically redirecting data from a bad sector to a good sector without requir- 
ing you to run a disk-checking utility. Given the reliability and the built-in repair mechanisms of 
NTES disks, only rarely do they require maintenance. This is an example of fault tolerance, the 
ability of a disk to resist damage, which is a critical issue with disks on a network computer. 


FIGURE P-11: Files stored in clusters 


FILE ALLOCATION TABLE 


CLUSTER COMMENT. 


Reserved for operating system 


Reserved for operating system 


First cluster of file; points to cluster 4 


Second cluster of file; points to cluster 5 


Third cluster of file; points to cluster 6 


Last cluster of file 


TABLE P-3: NTFS improvements on the FAT file system 


Vulnerable to “hackers”—unauthorized users Includes built-in security measures that allow only people who 
who break into other people's files have permission to access files 
Recoverability Likely to fail if a sector containing system data is Highly reliable because it uses redundant storage—it stores 
lost because they store critical system files in everything in vital sectors twice, so if a disk error in a vital sector 
single sectors occurs, NTFS can access file system data from the redundant sector 
File size Designed for small disks (originally less than Handles files up to 64 GB in size 


1 MB in size); can handle a maximum file size of 4 GB 
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P) Managing Disks 


: The Storage node in the Computer Management window provides you with tools, such as Disk 
Windows XP Defragmenter and Disk Management, to help you manage your disks. The Disk Management 
tool is a graphical tool for managing disks that allows you to partition unallocated portions of 
your disks into volumes. A volume is a fixed amount of storage on a disk. A single disk can con- 
tain more than one volume, or a volume can span part of one or more disks. Each volume on a 
disk is assigned its own drive letter, which is why the term volume is often synonymous with the 
term drive. Thus, the same physical disk might contain two volumes. Each volume can use a dif- 
ferent file system, so you might have a single disk partitioned into two volumes, each with its 
own file system. Figure P-12 shows how you might partition a single hard disk in two different 
ways: first, with a single NTFS volume, and second, with one NTFS volume and one FAT vol- 
ume, which can be helpful if you have a computer with two operating systems, Windows 98 on 
the FAT volume and Windows XP on the NTFS volume. fæ» Margaret suggests that John 
view the storage tools. 


1. In the Computer Management window, click the Expand indicator next to the 
Storage node if necessary 


2. In the console tree, click Disk Management 
The disks on your computer appear in the right pane. The top right pane of the window 
displays your computer’s volumes, and the bottom right pane offers a graphic display of 
the breakdown of space on each disk, allowing you to see how your disks are partitioned. 
Figure P-13 displays a computer with a hard disk and a CD-ROM disk, assigned to drive 
letter D. The hard disk, labeled Disk 0, has only one FAT drive, assigned to drive letter C:, 
and no unallocated space. The 0 in the label Disk 0 indicates the disk number, starting 
from 0, for each disk type disk on the computer. Hard and removable disks are one disk 
type, while CD-ROMs and DVDs are another. 


3. Click the Settings button Æ on the toolbar 
The Settings dialog box opens, as shown in Figure P-14, allowing you to change the color or 
pattern of any disk region displayed in the Disk Management window. Refer to the Disk 
region list in Figure P-14 to identify the disk regions that you might see on your drives. 
System administrators use many of the items in this list to create drives that are extremely 
reliable for data storage. 


4. Click Cancel to close the Settings dialog box 


5. In the console tree, click Disk Defragmenter 
The Disk Defragmenter program window appears in the right pane. You can analyze and 
defragment a disk from the Computer Management window. 


6. Click the Close button in the Computer Management window 


FIGURE P-12: A hard disk, partitioned two different ways 


D: drive NTFS 
volume 
(100 MB) 

i 


ml Computer Management (Local) yolun | le Sy i atu Capacity 
E- System Tools ) Partition Basic FAT32 Healthy (System) 16.88 GB 
(È Event viewer Drive is formatted 
snared Folders using the FAT32 
Local Users and Groups . 
| Performance Logs and Alerts file system 
SM, Device Manager 
& Storage 
+ Removable Storage 
E Disk Defragmenter 
Disk Management 


a Services and Applications 


C: drive NTFS 

volume 

(150 MB) D: drive FAT 
volume 


Two drives on 
the system 


FIGURE P-14: Settings dialog box 
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P) Monitoring Local 
Windows XP Security Settings 


Using Windows XP Professional, you can view and monitor local security settings with the 
Local Security Settings tool to ensure that computer users are adhering to the organization’s 
security policies. For example, you can set user account and password options to require com- 
puter users to create complex passwords of a specific length and change them on a regular 
basis. A complex password contains characters from at least three of the four following cate- 
gories: uppercase (A through Z), lowercase (a through z), numbers (0 through 9), and nonal- 
phanumeric (!, $, *, etc.). In addition to setting security options, you can also monitor, or 
audit, the success or failure of security related events, such as account logon and logoff activi- 
ties, user account changes, and program launches. When an event that you have chosen to audit 
is triggered, it appears in the Event Viewer in the Security node. Øf» Margaret suggests that 
John learn how to view and monitor local security settings. 


If you are using Windows XP Home edition, you will not be able to work through the 
steps in this topic. Read the topic without completing the steps. 


1. In the Administrative Tools window, double-click the Local Security Policy icon {£ 
The Local Security Settings window opens, with a two-pane view like Windows Explorer. 


2. Click the Expand indicator next to Account Policies, then click the Password 
Policy folder 


Password Policy displays current password policies and settings, as shown in Figure P-15. 


3. In the right pane, double-click Maximum password age, then click Cancel to avoid 
making any changes 
The Maximum password age Properties dialog box displays a numeric box in which you can 
change the number of days until a password expires. 


4. Click +} next to Local Policies, then click the Audit Policy folder 
Audit Policy displays security events you can monitor in the Event Viewer. 
9. In the right pane, double-click Audit account logon events to open its Properties dia- 


log box, click the Success check box to select it, then click OK 
Audit account logon events policy changes to “Success,” as shown in Figure P-16. 


6. Click the Start button on the taskbar, click Log Off, click Switch User, then log on 
If Switch User is not avail- again with your account or the administrator account 
able, click Logoff, close all Logging off and on your computer triggers the local security policy event. 
programs if necessary, log on ; f ; f ; ; ; , 
again, then open the 7. In the Local Security Settings window with Audit Policy selected, double-click Audit 


Administration Tools window account logon events in the right pane to open its Properties dialog box, click the 
via the Control Panel and ‘ ; . . 
start Local Security Settings. Success check box to deselect it, click OK, then click the Close button in the Local 


Security Settings window 
The audit policy is restored to its original settings, and the Local Security Settings window closes. 


8. In the Administration Tools window, double-click the Event Viewer icon $ to open the 
Event Viewer window, then click Security in the left pane 
The successful audit events appear in the Event Viewer, as shown in Figure P-17. 


9. Scroll to the right and change column widths if necessary to display audit information, then 
click the Close button in the Event Viewer, Administrative Tools, and Control Panel windows 


FIGURE P-15: Password policies with current settings 
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® Concepts Review | 


Label each element of the screen shown in Figure P-18. 
FIGURE P-18 
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. Which element points to the tool that displays monitoring and troubleshooting messages from the system and 

other programs? 

Which element points to the tool that displays graphs of system processes and configures data logs and alerts? 

Which element points to the tool that provides access to administrative tools to manage local and remote computers? 

. Which element points to the tool that limits users from accessing and deleting files, using programs, or making 
system-wide changes? 

. Which element points to the tool that manages volumes and creates partitions? 


on 


Match each of the terms with the statement that describes its function. 


6. Performance Monitor a. Allows you to examine System, Security, and Application logs 
7. NTFS b. Allows you to log an alert 
8. Disk Management c. Uses redundant storage 
9. Volume d. Allows you to create a partition 
10. Counter e. When a computer or network is running at a normal level 
11. FAT f. Storage space that can span one or more disks 
12. Baseline g. Designed for small disks 
13. Event Viewer h. Numerical information about the performance of an item on your computer 


Practice 
Select the best answer from the list of choices. 


14. The Computer Management window contains tools that allow you to: 


a. Install new programs. c. View but not change system information. 
b. Change your display settings. d. Track performance data. 

15. If you want your computer to create an alert when your processor is running at 85%, which tool should you use? 
a. Disk Administrator c. Performance Monitor 
b. Event Viewer d. User Manager 

16. If an alert threshold value is reached, Windows will: 
a. Add an alert event to the Event Log. c. Shut down the computer. 
b. Send e-mail to the network administrator. d. Print a diagnostic report. 

17. To interpret a performance chart, an administrator should compare it to: 
a. A Windows diagnostic report. c. A list of volumes in Disk Management. 
b. The Event Viewer System log. d. A baseline chart. 


18. What is a counter? 

a. An object such as a processor or physical disk 

b. A program you can run when an alert reaches a threshold value 

c. A numeric value that measures the performance of an object 

d. A red bar on the Performance Monitor chart that indicates an object’s status 
19. FAT stands for: 


a. File allocation track. c. File allocation table. 

b. Format allocation track. d. Format allocation table. 
20. The Disk Management tool allows you to partition disks into: 

a. Clusters. c. Sectors. 

b. Volumes. d. Tracks. 


B Skills Review 


1. Explore Windows administrative tools. 
a. Open the Control Panel, then double-click the Administrative Tools icon. 
b. Write down a sentence that describes each administrative tool. 

. Monitor activity with Event Viewer. 

a. Start Event Viewer, then click the Application icon in the left pane. If this log is empty, use another log, such 

as System. 
b. Double-click one of the entries to view a description of that event in the Event Properties window, click the 
up arrow or down arrow button to display other events, then click OK. 

Manage an event log. 

. In the Event Viewer window, click View on the menu bar, then click Filter. 

. Deselect all the Event types check boxes except for Warning and Error, then click OK. 

. View details on two of the events. 

. Click View on the menu bar, click Filter, click Restore Defaults, then click OK. 

. Click View on the menu bar, then click Find. 
Click the Event source list arrow, then click one of the programs in the list. 

. Click Find Next. (The first event matching your criteria is selected in the event log; if you don’t get a match, 
skip to Step i.) 

. Double-click the event you just found, then click Cancel in the Event Properties window. 

. Save the Application log as Application to the drive and folder where your Project Files are located, then 
close Event Viewer. 
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4. Create a performance chart. 
a. Start Performance, then click the View Graph button on the System Monitor toolbar if necessary. 
b. Click the Add button on the System Monitor toolbar, click the Performance object list arrow, then click Memory. 
c. Add the Available Bytes, and the Committed Bytes counters, then click Close. 
d. Allow the chart to generate for a few minutes, then identify which is greater, the number of available bytes or 
the number of committed bytes. 


5. Set up an alert. 
a. Click the Expand indicator next to Performance Logs and Alerts in the left pane, then click the Alerts icon. 
b. Click Action on the menu bar, then click New Alert Settings. 
c. Type Alert Check, then click OK. 
d. Click Add, then select Processor in the Performance object list if necessary. 
e. Click %Processor Time in the Counter list, click Add, then click Close. 
f. Set the Alert when the value is option to Over, type 85 in the Limit text box, then click OK. 
g. Return to the Performance window and delete the alert you just created. 
h. Close Performance. 


o 


. View Computer Management tools. 
a. Start Computer Management, then open the Event Viewer folder. 
b. Double-click Application in the right pane, double-click an event, then click OK. 
c. Open Device Manager, then open Disk Defragmenter. 
. Manage disks. 
. In the Computer Management window, open Disk Management. 
. Identify the number of FAT volumes you have and the number of NTFS volumes if any. 
. Determine how physical disk space is used on your computer. 
. Write down two reasons why your computer’s disks might be configured the way they are (consider the 
advantages of NTFS over FAT in a network environment). 
e. Close Computer Management. 
. View and save system information. 
. Start Local Security Settings. If you are using Windows XP Home edition, skip these steps. 
. Open the Account Policies folder, then open the Password Policy folder. 
. Double-click a policy to view its options, then click Cancel. 
. Open the Local Polices folder, then open the Audit Policy folder. 
. Open the Audit policy change policy, select the Success check box, then click OK. 
Open the Audit account management policy, select the Success check box, then click OK. 
. Open each policy you just changed and deselect the Success check box, then click OK to restore settings. 
. Close Local Security Settings. 
Start Event Viewer, click the Security icon in the left pane to view the Policy Change triggered events, then 
close Event Viewer, the Administrative Tools window and the Control Panel window. 


B Independent Challenge 1 | 


You own a small bakery, and you just purchased a computer with Windows XP to help manage inventory, payroll, and 
other accounting procedures. You decide to create a baseline chart using Performance that indicates how the computer 
performs in normal circumstances so you can monitor your system performance. 
a. Use Performance to create a chart with two Memory counters: %Committed Bytes In Use and Cache Bytes. 
b. Print the chart and put your name on the printout. (Press [Print Screen] to make a copy of the screen, open Paint, 
click Edit on the menu bar, click Paste to paste the screen into Paint, then click Yes to paste the large image if 
necessary. Click the Text button on the Toolbox, click a blank area in the Paint work area, then type your name. 
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Practice 


Click File on the menu bar, click Page Setup, change 100% normal size to 50% in the Scaling area, then click 
OK. Click File on the menu bar, click Print, then click Print.) 

c. Use the Explain button in the Add Counters dialog box to learn more about the two counters you charted. On the 
back of your printout, write a short description of both counters. 

d. Close Performance. 


B Independent Challenge 2 | 


You own a small résumé preparation business. You are considering buying a new hard disk for your Windows XP com- 
puter, which you use to produce and store clients’ resumes. Before you shop, you want to produce documentation on 
your current disk setup so that you can take your findings to different computer vendors and provide the sales repre- 
sentatives with the information they need to advise you. You use both Disk Management and Event Viewer. 
a. Open the Computer Management window, then open the Disk Management folder. 
b. Create a printout of your disk configuration and put your name on the printout. (See Independent Challenge 1, 
Step b for print screen printing instructions.) 
c. Open the Event Viewer folder and use the Find feature to view all events related with “disk.” 
d. Open the disk event, then create a printout of Event Properties dialog box. (See Independent Challenge 1, Step b 
for print screen printing instructions.) 
e. Close Computer Management. 


> Independent Challenge 3 | 


You are the systems administrator for the research and development (R&D) department at Herrera Pharmaceuticals. One 
of the R&D specialists has been having problems with her computer. You decide to start by examining the event logs, par- 
ticularly the System log. You also want to check the log settings to make sure the log is collecting data properly. 
a. Start Event Viewer, open the System log, then use the Filter feature to view only Error and Warning events. 
b. Print the list and put your name on the printout. (See Independent Challenge 1, Step b for print screen printing 
instructions.) 
c. Check Event Viewer settings using the Properties command on the Action menu. On the printout, write a sum- 
mary of the current settings. 
d. Save the System log as Latest System to the drive and folder where your Project Files are located. 
e. Restore the default Filter settings, then close Event Viewer. 


B Independent Challenge 4 | 


You and some fellow students at your university have joined forces with a supplier of sweaters, blankets, and other 
handmade wares from Peru to create an international import business. You’ve been using an older computer with 
Windows XP, and you are concerned because your computer runs rather slowly. You decide to run some tests on the 
processor and memory and gather some information about how you might improve your computer's performance. 
a. Use Performance to create two charts, one on memory and one on your computer’s processor. Use three counters 
for each chart. Use the Explain button in the Add Counters dialog box to learn more about the counters. 
b. Print the charts. (See Independent Challenge 1, Step b for print screen instructions.) On the back of each print- 
out, describe the counters and explain the chart results, then close Performance. 
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B Visual Workshop 


This exercise can be completed by users of both Windows XP Professional and Home. Re-create and print the screen 
shown in Figure P-19, which displays a Performance chart. Your chart numbers will differ. Print the screen. (See 
Independent Challenge 1, Step c for print screen printing instructions.) 


FIGURE P-19 
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This exercise can be completed only by users of Windows XP Professional. Re-create and print the screen shown in 
Figure P-20, which displays the Event Viewer window with the Security node selected in the left pane and audit events 
in the right pane. Your date, time, and user name will differ. Print the screen. (See Independent Challenge 1, Step c 
for print screen printing instructions.) 
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